Hot stuff

Delta vs. CrowdStrike: The duties vendors owe to customers – or do they?

Axio, cybersecurity, data breach, Don't miss, Expert analysis, Expert corner, Hot stuff, law, lawsuit, News, opinion, risk, threats /

Delta vs. CrowdStrike: The duties vendors owe to customers – or do they? 2024-08-14 at 08:01 By Help Net Security In a potentially groundbreaking dispute, Delta Air Lines is threatening to sue CrowdStrike, a leading cybersecurity firm, for alleged negligence and breach of contract. This case brings to the forefront critical questions about the duties […]

React to this headline:

Loading spinner

Delta vs. CrowdStrike: The duties vendors owe to customers – or do they? Read More »

IntelOwl: Open-source threat intelligence management

Don't miss, GitHub, Hot stuff, News, open source, software, Threat Intelligence /

IntelOwl: Open-source threat intelligence management 2024-08-14 at 07:31 By Mirko Zorz IntelOwl is an open-source solution designed for large-scale threat intelligence management. It integrates numerous online analyzers and advanced malware analysis tools, providing comprehensive insights in one platform. “In late 2019, I faced a significant challenge while working as a cybersecurity analyst in a Security

React to this headline:

Loading spinner

IntelOwl: Open-source threat intelligence management Read More »

Current attacks, targets, and other threat landscape trends

Cisco, cybersecurity, Don't miss, Hot stuff, Incident Response, News, report, threats, Video /

Current attacks, targets, and other threat landscape trends 2024-08-14 at 06:31 By Help Net Security In this Help Net Security video, Kendall McKay, Strategic Lead, Cyber Threat Intelligence at Cisco Talos, discusses the trends that Cisco Talos incident response observed in incident response engagements from Q2 2024, which covers April to June. While the attacks

React to this headline:

Loading spinner

Current attacks, targets, and other threat landscape trends Read More »

Microsoft fixes 6 zero-days under active attack

0-day, CVE, Don't miss, Hot stuff, Immersive Labs, Microsoft, Microsoft Edge, MS Office, News, Patch Tuesday, security update, Tenable, Trend Micro, Windows /

Microsoft fixes 6 zero-days under active attack 2024-08-13 at 23:16 By Zeljka Zorz August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under attack CVE-2024-38178 is a Scripting Engine Memory Corruption Vulnerability

React to this headline:

Loading spinner

Microsoft fixes 6 zero-days under active attack Read More »

Suspected head of Reveton, Ransom Cartel RaaS groups arrested

arrest, cybercriminals, exploit kit, Hot stuff, law enforcement, National Crime Agency, News, Ransomware, scareware /

Suspected head of Reveton, Ransom Cartel RaaS groups arrested 2024-08-13 at 17:16 By Help Net Security An international operation coordinated by the UK National Crime Agency (NCA) has resulted in the arrest and extradition of a man believed to be one of the world’s most prolific Russian-speaking cybercrime actors. The arrest The NCA has been

React to this headline:

Loading spinner

Suspected head of Reveton, Ransom Cartel RaaS groups arrested Read More »

Scammers dupe chemical company into wiring $60 million

BEC scams, Don't miss, Europe, fraud, Hot stuff, manufacturing sector, News, USA /

Scammers dupe chemical company into wiring $60 million 2024-08-13 at 16:46 By Zeljka Zorz Orion S.A., a global chemical company with headquarters in Luxembourg, has become a victim of fraud: it lost approximately $60 million through “multiple fraudulently induced outbound wire transfers to accounts controlled by unknown third parties.” The scammers targeted an employee Orion

React to this headline:

Loading spinner

Scammers dupe chemical company into wiring $60 million Read More »

Australian gold mining company hit with ransomware

Australia, Don't miss, enterprise, Hot stuff, News, Ransomware /

Australian gold mining company hit with ransomware 2024-08-13 at 14:17 By Zeljka Zorz Australian gold mining firm Evolution Mining has announced on Monday that it became aware on 8 August 2024 of a ransomware attack impacting its IT systems, and has been working with its external cyber forensic experts to investigate the incident. “Based on

React to this headline:

Loading spinner

Australian gold mining company hit with ransomware Read More »

Browser backdoors: Securing the new frontline of shadow IT

browser, cybersecurity, Don't miss, Expert analysis, Expert corner, extension, Hexnode, Hot stuff, News, opinion, shadow IT /

Browser backdoors: Securing the new frontline of shadow IT 2024-08-13 at 07:31 By Help Net Security Browser extensions are a prime target for cybercriminals. And this isn’t just a consumer problem – it’s a new frontier in enterprises’ battle against shadow IT. Ultimately, more extension permissions result in potentially bigger attack surfaces. Research shows that

React to this headline:

Loading spinner

Browser backdoors: Securing the new frontline of shadow IT Read More »

Key metrics for monitoring and improving ZTNA implementations

Artificial Intelligence, cybersecurity, Don't miss, Features, Hot stuff, human error, News, opinion, policy, strategy, supply chain attacks, Wilson Perumal & Company, zero trust /

Key metrics for monitoring and improving ZTNA implementations 2024-08-13 at 07:01 By Mirko Zorz In this Help Net Security interview, Dean Hamilton, CTO at Wilson Perumal & Company, discusses the complexities of zero trust network access (ZTNA) implementation, focusing on balancing security with operational efficiency. Hamilton highlights strategic planning, collaboration between IT and business leaders,

React to this headline:

Loading spinner

Key metrics for monitoring and improving ZTNA implementations Read More »

Chrome, Edge users beset by malicious extensions that can’t be easily removed

add-ons, adware, Chrome, cybercrime, Don't miss, extension, Hot stuff, Malware, Microsoft Edge, News, Reason Labs /

Chrome, Edge users beset by malicious extensions that can’t be easily removed 2024-08-12 at 16:31 By Zeljka Zorz A widespread campaign featuring a malicious installer that saddles users with difficult-to-remove malicious Chrome and Edge browser extensions has been spotted by researchers. “The trojan malware contains different deliverables ranging from simple adware extensions that hijack searches

React to this headline:

Loading spinner

Chrome, Edge users beset by malicious extensions that can’t be easily removed Read More »

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)

0-day, authentication, Don't miss, Hot stuff, Microsoft 365, MS Office, News, PrivSec /

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) 2024-08-12 at 13:31 By Zeljka Zorz A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited by attackers to grab users’ NTLM hashes, Microsoft has shared late last week. The vulnerability is exploitable remotely and requires no special privileges or user interaction to be

React to this headline:

Loading spinner

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) Read More »

Scout Suite: Open-source cloud security auditing tool

Alibaba Cloud, auditing, AWS, Azure, cloud security, Don't miss, GitHub, Google Cloud, Hot stuff, NCC Group, News, open source, software /

Scout Suite: Open-source cloud security auditing tool 2024-08-12 at 07:31 By Help Net Security Scout Suite is an open-source, multi-cloud security auditing tool designed to assess the security posture of cloud environments. By leveraging the APIs provided by cloud vendors, Scout Suite collects and organizes configuration data, making it easier to identify potential risks. Instead

React to this headline:

Loading spinner

Scout Suite: Open-source cloud security auditing tool Read More »

Steps to improve quality engineering and system robustness

cybersecurity, Don't miss, Hot stuff, News, Roq, Video /

Steps to improve quality engineering and system robustness 2024-08-12 at 06:31 By Help Net Security Major tech outages have recently impacted customers and operations at McDonald’s, Greggs, Deliveroo, Tesco, and Barclays. In this Help Net Security video, Stephen Johnson, CEO of Roq, says it is now imperative for companies and organizations to invest significantly more

React to this headline:

Loading spinner

Steps to improve quality engineering and system robustness Read More »

Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218)

1Password, CVE, Don't miss, Hot stuff, macOS, News, password manager, passwords, security assessment, vulnerability /

Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218) 2024-08-09 at 15:31 By Zeljka Zorz Two vulnerabilities (CVE-2024-42219, CVE-2024-42218) affecting the macOS version of the popular 1Password password manager could allow malware to steal secrets stored in the software’s vaults and obtain the account unlock key, AgileBits has confirmed. Discovered by the

React to this headline:

Loading spinner

Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218) Read More »

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox

0-day, Chrome, Don't miss, Firefox, Hot stuff, Linux, macOS, News, Oligo Security, Safari, vulnerability /

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox 2024-08-09 at 13:01 By Zeljka Zorz A “0.0.0.0-Day” vulnerability affecting Chrome, Safari and Firefox can be – and has been – exploited by attackers to gain access to services on internal networks, Oligo Security researchers have revealed. The vulnerability stems from how those popular browsers handle network requests

React to this headline:

Loading spinner

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox Read More »

NIS2: A catalyst for cybersecurity innovation or just another box-ticking exercise?

Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Innovation, News, opinion, Palo Alto Networks, regulation, security standard, threat detection /

NIS2: A catalyst for cybersecurity innovation or just another box-ticking exercise? 2024-08-09 at 08:02 By Help Net Security The Network and Information Security (NIS) 2 Directive is possibly one of the most significant pieces of cybersecurity regulation to ever hit Europe. The 27 EU Member States have until 17 October 2024 to adopt and publish

React to this headline:

Loading spinner

NIS2: A catalyst for cybersecurity innovation or just another box-ticking exercise? Read More »

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days

0-day, attack, Don't miss, Hot stuff, News, research, SafeBreach, vulnerability, Windows, Windows Server /

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days 2024-08-08 at 13:01 By Zeljka Zorz A researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were fully patched before that. A downgrade attack exploiting the Windows Update process The direction of SafeBreach researcher Alon Leviev’s

React to this headline:

Loading spinner

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days Read More »

SSHamble: Open-source security testing of SSH services

Don't miss, GitHub, Hot stuff, News, open source, software, SSH /

SSHamble: Open-source security testing of SSH services 2024-08-08 at 09:33 By Help Net Security runZero published new research on Secure Shell (SSH) exposures and unveiled a corresponding open-source tool, SSHamble. This tool helps security teams validate SSH implementations by testing for uncommon but dangerous misconfigurations and software bugs. Discovered weaknesses During their presentation at Black

React to this headline:

Loading spinner

SSHamble: Open-source security testing of SSH services Read More »

Traceeshark: Open-source plugin for Wireshark

Aqua Security, cybersecurity, Don't miss, Hot stuff, network, News, software, Wireshark /

Traceeshark: Open-source plugin for Wireshark 2024-08-08 at 08:01 By Mirko Zorz Traceeshark is a plugin for Wireshark that enables security practitioners to quickly investigate security incidents. It enhances the capabilities of Aqua Tracee, an open-source runtime security and forensics tool, and allows users to analyze kernel-level event and behavioral detection alongside network traffic. With Traceeshark,

React to this headline:

Loading spinner

Traceeshark: Open-source plugin for Wireshark Read More »

How network segmentation can strengthen visibility in OT networks

communication, cybersecurity, DirectDefense, Don't miss, Expert analysis, Expert corner, firewall, Hot stuff, network, News, opinion, Risk Management, strategy, vulnerability management /

How network segmentation can strengthen visibility in OT networks 2024-08-08 at 07:31 By Help Net Security What role does the firewall play in the protection of operational technology (OT) networks and systems? Many would say that it’s the defensive mechanism to protect that environment from IT and the outside world. For the operators responsible for

React to this headline:

Loading spinner

How network segmentation can strengthen visibility in OT networks Read More »

Scroll to Top